Debian/Ubuntu OpenSSL Random Number Generator Vulnerabilityhttp://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA08-137A.html
JVNRSS based Status Tracking Notes: A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Any package that uses the affected version of SSL could be vulnerable.JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA08-137A2008-05-22T18:57+00:002008-05-19T22:52+00:002008-05-22T18:57+00:00

ThreatCON (2) => (1)https://tms.symantec.com/
No significant attacks are known to be targeting the recently disclosed SSH vulnerability affecting Debian and Ubuntu computers. All activity identified last week on port 22 has also subsided.
Symantechttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-20T17:11+00:002008-05-20T17:11+00:002008-05-20T17:11+00:00INFOcon back to greenhttp://isc.sans.org/diary.html?storyid=4423
The Debian/Ubuntu SSL problem by now has sufficient media attention. Once the big security firms raise their threat level indicators, we at SANS ISC can go back to green :).
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-16T21:56+00:002008-05-16T21:56+00:002008-05-16T21:56+00:00Microsoft Updates for Multiple Vulnerabilitieshttp://www.us-cert.gov/cas/techalerts/TA08-137A.html
Via US-CERT Mailing List
US-CERTTA08-137Ahttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-16T14:17-04:002008-05-16T14:17-04:002008-05-16T14:17-04:00OpenSSL packages contain a predictable random number generatorhttp://www.jpcert.or.jp/at/2008/at080008.txt
JPCERT/CCJPCERT-AT-2008-0007http://www.us-cert.gov/cas/techalerts/TA08-137A.htmlhttp://www.kb.cert.org/vuls/id/9252112008-05-16T07:02+00:002008-05-16T07:02+00:002008-05-16T07:02+00:00Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (ruby)http://www.securityfocus.com/bid/29179
Debian SSH Key Tester
#Cid: debian_openssh_key_tester.rb
#Cid: 29179.rb
Bugtraqhttp://www.us-cert.gov/cas/techalerts/TA08-137A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-01662008-05-15T23:29+00:002008-05-15T23:29+00:002008-05-15T23:29+00:00ThreatCON (2) => (2)https://tms.symantec.com/
Debian, Ubuntu, and variants have an issue in the OpenSSL library that generates weak cryptographic keys. Users are urged to update their software and to regenerate new keys with the corrected OpenSSL library.
Symantechttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-15T21:27+00:002008-05-15T21:27+00:002008-05-15T21:27+00:00INFOCon yellow: update your Debian generated keys/certs ASAP (Version: 2)http://isc.sans.org/diary.html?storyid=4421
As you can see, we raised the INFOCon level to yellow. The main idea behind INFOCon is to protect the Internet infrastructure at large, and the development on automated scripts exploiting key based SSH authentication looks like a real threat to SSH servers around the world (any SSH server using public keys that were generated on a vulnerable Debian machine - meaning - the keys had to be generated on a Debian machine between September 2006 and 13th of May 2008).
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-15T15:30+00:002008-05-15T15:30+00:002008-05-15T15:30+00:00Remote Host Key Scannerhttp://www.securityfocus.com/bid/29179
SSH Key Tester
This script tests whether a target SSH server is vulnerable to the major weak SSL key bug found in May 2008
#Cid: seb-test-vul-ssh-host-rel1.sh
Bugtraqhttp://www.us-cert.gov/cas/techalerts/TA08-137A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-01662008-05-15T14:35+00:002008-05-15T14:35+00:002008-05-15T14:35+00:00Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilitieshttp://www.us-cert.gov/current/archive/2008/05/15/archive.html#debian_openssl_vulnerability
US-CERT Current Activity
Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-15T08:38-04:002008-05-15T08:38-04:002008-05-15T08:38-04:00Debian and Ubuntu users: fix your keys/certificates NOW (Version: 2) http://isc.sans.org/diary.html?storyid=4420
Today Matt wrote in to let us know that H D Moore posted a web page containing all SSH 1024, 2048 and 4096-bit RSA keys he brute forced.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-15T12:02+00:002008-05-15T12:02+00:002008-05-15T12:02+00:00Debian OpenSSL Predictable PRNG Bruteforce SSH Exploithttp://www.securityfocus.com/bid/29179
Debian SSH Key Tester
#Cid: debian_ssh_rsa_2048_x86.tar.bz2
Bugtraqhttp://www.us-cert.gov/cas/techalerts/TA08-137A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-01662008-05-14T18:00+00:002008-05-14T18:00+00:002008-05-14T18:00+00:00openssh -- predictable random number generatorhttp://www.debian.org/security/2008/dsa-1576
The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH.
DebianDSA-1576http://www.us-cert.gov/cas/techalerts/TA08-137A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-01662008-05-142008-05-142008-05-14OpenSSH: Predictable PRNG in debian and ubuntu Linux (Version: 4) http://isc.sans.org/diary.html?storyid=4414
Debian and Ubuntu Linux users should look into their OpenSSH setup. It turns out the PRNG (Pseudo Random Number Generator) as used was predictable.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-13T21:30+00:002008-05-13T21:30+00:002008-05-13T21:30+00:00A detector for known weak key materialhttp://security.debian.org/project/extra/dowkd/
Debianhttp://www.us-cert.gov/cas/techalerts/TA08-137A.html2008-05-13T13:50+00:002008-05-13T13:50+00:002008-05-13T13:50+00:00openssl -- predictable random number generatorhttp://www.debian.org/security/2008/dsa-1571
The random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.
DebianDSA-1571http://www.us-cert.gov/cas/techalerts/TA08-137A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-01662008-05-132008-05-132008-05-13